Fix #2288 allow redirect after logout, only if the target URL is internal

2026-05-09 20:12:14 +09:00 · 2024-01-30 21:37:43 +09:00 · 2024-01-30 21:37:43 +09:00 · 00db22abdb
commit 00db22abdb
parent a36d728ad9
2 changed files with 21 additions and 5 deletions
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@ -134,11 +134,20 @@ class MemberController extends Member
 		// If a device key is present, unregister it.
 		Rhymix\Modules\Member\Controllers\Device::getInstance()->autoUnregisterDevice($logged_info->member_srl);
 		// Set redirect URL.
 		$output = new BaseObject();
-		$config = ModuleModel::getModuleConfig('member');
+		$redirect_url = Context::get('redirect_url');
-		if($config->after_logout_url)
+		if ($redirect_url && Rhymix\Framework\URL::isInternalURL($redirect_url))
 		{
-			$output->redirect_url = $config->after_logout_url;
+			$output->redirect_url = $redirect_url;
 		}
 		else
 		{
 			$config = ModuleModel::getModuleConfig('member');
 			if($config->after_logout_url)
 			{
 				$output->redirect_url = $config->after_logout_url;
 			}
 		}
 		return $output;
 	}
--- a/modules/member/member.view.php
+++ b/modules/member/member.view.php
@ -897,12 +897,19 @@ class MemberView extends Member
 		// Redirect if not logged in.
 		if(!Context::get('is_logged'))
 		{
-			$this->setRedirectUrl(getNotEncodedUrl('act', ''));
+			$this->setRedirectUrl(getNotEncodedUrl('act', '', 'redirect_url', ''));
 			return;
 		}
 		$output = MemberController::getInstance()->procMemberLogout();
-		$this->setRedirectUrl(isset($output->redirect_url) ? $output->redirect_url : getNotEncodedUrl('act', ''));
+		if (!empty($output->redirect_url))
 		{
 			$this->setRedirectUrl($output->redirect_url);
 		}
 		else
 		{
 			$this->setRedirectUrl(getNotEncodedUrl('act', '', 'redirect_url', ''));
 		}
 	}
 	/**